package cn.tedu.knows.auth.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends
                        WebSecurityConfigurerAdapter {

    // 设置全部放行,因为这些权限的管理是在Session中设置的
    // 我们设置的令牌不需要这些内容
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()  // 防跨域攻击
            .authorizeRequests()  //访问权限设置
            .anyRequest().permitAll() //全部放行
            .and().formLogin();  // 支持表单登录
    }
    // 生产的令牌是需要加密的
    // 我们将一个加密对象保存到Spring Security中
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    // Spring Cloud Security登录需要权限管理器
    // 而这个管理器在本类的父类中,
    // 如果要使用需要保存到Spring容器中
    @Bean
    public AuthenticationManager
             authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}






